{
  "aws:requesttag/${tagkey}": {
    "key": "aws:RequestTag/${TagKey}",
    "description": "Filters access based on the tags that are passed in the request",
    "type": "String"
  },
  "aws:resourcetag/${tagkey}": {
    "key": "aws:ResourceTag/${TagKey}",
    "description": "Filters access based on the tags associated with the resource",
    "type": "String"
  },
  "aws:tagkeys": {
    "key": "aws:TagKeys",
    "description": "Filters access based on the tag keys that are passed in the request",
    "type": "ArrayOfString"
  },
  "iam:awsservicename": {
    "key": "iam:AWSServiceName",
    "description": "Filters access by the AWS service to which this role is attached",
    "type": "String"
  },
  "iam:associatedresourcearn": {
    "key": "iam:AssociatedResourceArn",
    "description": "Filters access by the resource that the role will be used on behalf of",
    "type": "ARN"
  },
  "iam:fido-fips-140-2-certification": {
    "key": "iam:FIDO-FIPS-140-2-certification",
    "description": "Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key",
    "type": "String"
  },
  "iam:fido-fips-140-3-certification": {
    "key": "iam:FIDO-FIPS-140-3-certification",
    "description": "Filters access by the MFA device FIPS-140-3 validation certification level at the time of registration of a FIDO security key",
    "type": "String"
  },
  "iam:fido-certification": {
    "key": "iam:FIDO-certification",
    "description": "Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key",
    "type": "String"
  },
  "iam:organizationspolicyid": {
    "key": "iam:OrganizationsPolicyId",
    "description": "Filters access by the ID of an AWS Organizations policy",
    "type": "String"
  },
  "iam:passedtoservice": {
    "key": "iam:PassedToService",
    "description": "Filters access by the AWS service to which this role is passed",
    "type": "String"
  },
  "iam:permissionsboundary": {
    "key": "iam:PermissionsBoundary",
    "description": "Filters access if the specified policy is set as the permissions boundary on the IAM entity (user or role)",
    "type": "ARN"
  },
  "iam:policyarn": {
    "key": "iam:PolicyARN",
    "description": "Filters access by the ARN of an IAM policy",
    "type": "ARN"
  },
  "iam:registersecuritykey": {
    "key": "iam:RegisterSecurityKey",
    "description": "Filters access by the current state of MFA device enablement",
    "type": "String"
  },
  "iam:resourcetag/${tagkey}": {
    "key": "iam:ResourceTag/${TagKey}",
    "description": "Filters access by the tags attached to an IAM entity (user or role)",
    "type": "String"
  }
}